Add #[\SensitiveParameter] to $sessionId · symfony/symfony@32c9f28 · GitHub

Commit 32c9f28

committed
Add #[\SensitiveParameter] to $sessionId
1 parent 1f7bc10 commit 32c9f28

11 files changed

+54
-54
lines changed

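--- a/src/Symfony/Component/HttpFoundation/Session/SessionUtils.php
+++ b/src/Symfony/Component/HttpFoundation/Session/SessionUtils.php
@@ -25,7 +25,7 @@ final class SessionUtils
 * Finds the session header amongst the headers that are to be sent, removes it, and returns
 * it so the caller can process it further.
 */
-public static function popSessionCookie(string $sessionName, string $sessionId): ?string
+public static function popSessionCookie(string $sessionName, #[\SensitiveParameter] string $sessionId): ?string
 {
 $sessionCookie = null;
 $sessionCookiePrefix = sprintf(' %s=', urlencode($sessionName));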

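--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
@@ -38,21 +38,21 @@ public function open(string $savePath, string $sessionName): bool
 return true;
 }
 
-abstract protected function doRead(string $sessionId): string;
+abstract protected function doRead(#[\SensitiveParameter] string $sessionId): string;
 
-abstract protected function doWrite(string $sessionId, string $data): bool;
+abstract protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool;
 
-abstract protected function doDestroy(string $sessionId): bool;
+abstract protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool;
 
-public function validateId(string $sessionId): bool
+public function validateId(#[\SensitiveParameter] string $sessionId): bool
 {
 $this->prefetchData = $this->read($sessionId);
 $this->prefetchId = $sessionId;
 
 return '' !== $this->prefetchData;
 }
 
-public function read(string $sessionId): string
+public function read(#[\SensitiveParameter] string $sessionId): string
 {
 if (isset($this->prefetchId)) {
 $prefetchId = $this->prefetchId;
@@ -72,7 +72,7 @@ public function read(string $sessionId): string
 return $data;
 }
 
-public function write(string $sessionId, string $data): bool
+public function write(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 // see https://github.com/igbinary/igbinary/issues/146
 $this->igbinaryEmptyData ??= \function_exists('igbinary_serialize') ? igbinary_serialize([]) : '';
@@ -84,7 +84,7 @@ public function write(string $sessionId, string $data): bool
 return $this->doWrite($sessionId, $data);
 }
 
-public function destroy(string $sessionId): bool
+public function destroy(#[\SensitiveParameter] string $sessionId): bool
 {
 if (!headers_sent() && filter_var(\ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOL)) {
 if (!isset($this->sessionName)) {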
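Review bot: The attribute on the abstract `doRead()`, `doWrite()` and `doDestroy()` declarations does not reach overriding methods, because PHP attributes are not inherited, so a handler outside this repository that extends AbstractSessionHandler still shows the id in its own stack frame. The in-tree subclasses are annotated by this commit, but third-party authors get no hint; a line in the class docblock such as `Overrides must repeat #[\SensitiveParameter] on $sessionId; the attribute is not inherited.` would tell them. The same holds for whatever handler the Marshalling, Migrating and Strict decorators wrap: the inner `read()`/`write()` frame is redacted only if that class declares the attribute itself. Redaction takes effect on PHP 8.2 and later only, which is worth stating in the changelog entry. The bodies of `read()`, `write()` and `destroy()` continue outside the hunks shown.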

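--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MarshallingSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MarshallingSessionHandler.php
@@ -37,7 +37,7 @@ public function close(): bool
 return $this->handler->close();
 }
 
-public function destroy(string $sessionId): bool
+public function destroy(#[\SensitiveParameter] string $sessionId): bool
 {
 return $this->handler->destroy($sessionId);
 }
@@ -47,12 +47,12 @@ public function gc(int $maxlifetime): int|false
 return $this->handler->gc($maxlifetime);
 }
 
-public function read(string $sessionId): string
+public function read(#[\SensitiveParameter] string $sessionId): string
 {
 return $this->marshaller->unmarshall($this->handler->read($sessionId));
 }
 
-public function write(string $sessionId, string $data): bool
+public function write(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 $failed = [];
 $marshalledData = $this->marshaller->marshall(['data' => $data], $failed);
@@ -64,12 +64,12 @@ public function write(string $sessionId, string $data): bool
 return $this->handler->write($sessionId, $marshalledData['data']);
 }
 
-public function validateId(string $sessionId): bool
+public function validateId(#[\SensitiveParameter] string $sessionId): bool
 {
 return $this->handler->validateId($sessionId);
 }
 
-public function updateTimestamp(string $sessionId, string $data): bool
+public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 return $this->handler->updateTimestamp($sessionId, $data);
 }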
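Review bot: `write()` and `updateTimestamp()` now redact `$sessionId` but still take `$data` unmarked, so the serialized session payload keeps appearing in stack-trace arguments; what that payload holds depends on the application and is not visible here, but it can be at least as sensitive as the id. If the aim is to keep session secrets out of traces, consider `#[\SensitiveParameter] string $data` on the same signatures, or note in the commit message why the payload is left out. The same `$data`/`$sessionData` parameters appear on the write and updateTimestamp methods of the Abstract, Memcached, Migrating, MongoDb, Null, Pdo, Redis and Strict handlers in this commit. The body of `write()` is only partly visible between the second and third hunk.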

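--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php
@@ -59,19 +59,19 @@ public function close(): bool
 return $this->memcached->quit();
 }
 
-protected function doRead(string $sessionId): string
+protected function doRead(#[\SensitiveParameter] string $sessionId): string
 {
 return $this->memcached->get($this->prefix.$sessionId) ?: '';
 }
 
-public function updateTimestamp(string $sessionId, string $data): bool
+public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 $this->memcached->touch($this->prefix.$sessionId, $this->getCompatibleTtl());
 
 return true;
 }
 
-protected function doWrite(string $sessionId, string $data): bool
+protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 return $this->memcached->set($this->prefix.$sessionId, $data, $this->getCompatibleTtl());
 }
@@ -89,7 +89,7 @@ private function getCompatibleTtl(): int
 return $ttl;
 }
 
-protected function doDestroy(string $sessionId): bool
+protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool
 {
 $result = $this->memcached->delete($this->prefix.$sessionId);
 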
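Review bot: In `doRead()`, `updateTimestamp()`, `doWrite()` and `doDestroy()` the id is concatenated into `$this->prefix.$sessionId` and passed to the client, so the client call's own frame still carries the full key in its arguments; the attribute redacts only the handler's frame. If an error or exception is raised inside or below that call, the trace would presumably still contain the id. The Redis handler (`$this->redis->get(...)`, `setEx(...)`) and the MongoDb handler (the filter array passed to `findOne()`/`deleteOne()`) have the same gap. A call-site argument cannot be annotated, so state the limit in a comment, e.g. `// #[\SensitiveParameter] covers this frame only; the client call below still receives the key`, and recommend `zend.exception_ignore_args=1` for production in the docs. The body of `doDestroy()` ends outside the hunk.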

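--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MigratingSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MigratingSessionHandler.php
@@ -46,7 +46,7 @@
 return $result;
 }
 
-public function destroy(string $sessionId): bool
+public function destroy(#[\SensitiveParameter] string $sessionId): bool
 {
 $result = $this->currentHandler->destroy($sessionId);
 $this->writeOnlyHandler->destroy($sessionId);
@@ -70,27 +70,27 @@ public function open(string $savePath, string $sessionName): bool
 return $result;
 }
 
-public function read(string $sessionId): string
+public function read(#[\SensitiveParameter] string $sessionId): string
 {
 // No reading from new handler until switch-over
 return $this->currentHandler->read($sessionId);
 }
 
-public function write(string $sessionId, string $sessionData): bool
+public function write(#[\SensitiveParameter] string $sessionId, string $sessionData): bool
 {
 $result = $this->currentHandler->write($sessionId, $sessionData);
 $this->writeOnlyHandler->write($sessionId, $sessionData);
 
 return $result;
 }
 
-public function validateId(string $sessionId): bool
+public function validateId(#[\SensitiveParameter] string $sessionId): bool
 {
 // No reading from new handler until switch-over
 return $this->currentHandler->validateId($sessionId);
 }
 
-public function updateTimestamp(string $sessionId, string $sessionData): bool
+public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $sessionData): bool
 {
 $result = $this->currentHandler->updateTimestamp($sessionId, $sessionData);
 $this->writeOnlyHandler->updateTimestamp($sessionId, $sessionData);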

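--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php
@@ -84,7 +84,7 @@ public function close(): bool
 return true;
 }
 
-protected function doDestroy(string $sessionId): bool
+protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool
 {
 $this->getCollection()->deleteOne([
 $this->options['id_field'] => $sessionId,
@@ -100,7 +100,7 @@ public function gc(int $maxlifetime): int|false
 ])->getDeletedCount();
 }
 
-protected function doWrite(string $sessionId, string $data): bool
+protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime');
 $expiry = new UTCDateTime((time() + (int) $ttl) * 1000);
@@ -120,7 +120,7 @@ protected function doWrite(string $sessionId, string $data): bool
 return true;
 }
 
-public function updateTimestamp(string $sessionId, string $data): bool
+public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime');
 $expiry = new UTCDateTime((time() + (int) $ttl) * 1000);
@@ -136,7 +136,7 @@ public function updateTimestamp(string $sessionId, string $data): bool
 return true;
 }
 
-protected function doRead(string $sessionId): string
+protected function doRead(#[\SensitiveParameter] string $sessionId): string
 {
 $dbData = $this->getCollection()->findOne([
 $this->options['id_field'] => $sessionId,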

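--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/NullSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/NullSessionHandler.php
@@ -23,27 +23,27 @@ public function close(): bool
 return true;
 }
 
-public function validateId(string $sessionId): bool
+public function validateId(#[\SensitiveParameter] string $sessionId): bool
 {
 return true;
 }
 
-protected function doRead(string $sessionId): string
+protected function doRead(#[\SensitiveParameter] string $sessionId): string
 {
 return '';
 }
 
-public function updateTimestamp(string $sessionId, string $data): bool
+public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 return true;
 }
 
-protected function doWrite(string $sessionId, string $data): bool
+protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 return true;
 }
 
-protected function doDestroy(string $sessionId): bool
+protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool
 {
 return true;
 }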

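--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php
@@ -285,7 +285,7 @@ public function open(string $savePath, string $sessionName): bool
 return parent::open($savePath, $sessionName);
 }
 
-public function read(string $sessionId): string
+public function read(#[\SensitiveParameter] string $sessionId): string
 {
 try {
 return parent::read($sessionId);
@@ -305,7 +305,7 @@ public function gc(int $maxlifetime): int|false
 return 0;
 }
 
-protected function doDestroy(string $sessionId): bool
+protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool
 {
 // delete the record associated with this id
 $sql = "DELETE FROM $this->table WHERE $this->idCol = :id";
@@ -323,7 +323,7 @@ protected function doDestroy(string $sessionId): bool
 return true;
 }
 
-protected function doWrite(string $sessionId, string $data): bool
+protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 $maxlifetime = (int) (($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'));
 
@@ -366,7 +366,7 @@ protected function doWrite(string $sessionId, string $data): bool
 return true;
 }
 
-public function updateTimestamp(string $sessionId, string $data): bool
+public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 $expiry = time() + (int) (($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'));
 
@@ -610,7 +610,7 @@ private function rollback(): void
 * We need to make sure we do not return session data that is already considered garbage according
 * to the session.gc_maxlifetime setting because gc() is called after read() and only sometimes.
 */
-protected function doRead(string $sessionId): string
+protected function doRead(#[\SensitiveParameter] string $sessionId): string
 {
 if (self::LOCK_ADVISORY === $this->lockMode) {
 $this->unlockStatements[] = $this->doAdvisoryLock($sessionId);
@@ -681,7 +681,7 @@ protected function doRead(string $sessionId): string
 * - for oci using DBMS_LOCK.REQUEST
 * - for sqlsrv using sp_getapplock with LockOwner = Session
 */
-private function doAdvisoryLock(string $sessionId): \PDOStatement
+private function doAdvisoryLock(#[\SensitiveParameter] string $sessionId): \PDOStatement
 {
 switch ($this->driver) {
 case 'mysql':
@@ -780,7 +780,7 @@ private function getSelectSql(): string
 /**
 * Returns an insert statement supported by the database for writing session data.
 */
-private function getInsertStatement(string $sessionId, string $sessionData, int $maxlifetime): \PDOStatement
+private function getInsertStatement(#[\SensitiveParameter] string $sessionId, string $sessionData, int $maxlifetime): \PDOStatement
 {
 switch ($this->driver) {
 case 'oci':
@@ -807,7 +807,7 @@ private function getInsertStatement(string $sessionId, string $sessionData, int
 /**
 * Returns an update statement supported by the database for writing session data.
 */
-private function getUpdateStatement(string $sessionId, string $sessionData, int $maxlifetime): \PDOStatement
+private function getUpdateStatement(#[\SensitiveParameter] string $sessionId, string $sessionData, int $maxlifetime): \PDOStatement
 {
 switch ($this->driver) {
 case 'oci':
@@ -834,7 +834,7 @@ private function getUpdateStatement(string $sessionId, string $sessionData, int
 /**
 * Returns a merge/upsert (i.e. insert or update) statement when supported by the database for writing session data.
 */
-private function getMergeStatement(string $sessionId, string $data, int $maxlifetime): ?\PDOStatement
+private function getMergeStatement(#[\SensitiveParameter] string $sessionId, string $data, int $maxlifetime): ?\PDOStatement
 {
 switch (true) {
 case 'mysql' === $this->driver: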

src/Symfony/Component/HttpFoundation/Session/Storage/Handler/RedisSessionHandler.php

Lines changed: 4 additions & 4 deletions
@@ -50,20 +50,20 @@ public function __construct(
5050
$this->ttl = $options['ttl'] ?? null;
5151
}
5252

53-
protected function doRead(string $sessionId): string
53+
protected function doRead(#[\SensitiveParameter] string $sessionId): string
5454
{
5555
return $this->redis->get($this->prefix.$sessionId) ?: '';
5656
}
5757

58-
protected function doWrite(string $sessionId, string $data): bool
58+
protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool
5959
{
6060
$ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime');
6161
$result = $this->redis->setEx($this->prefix.$sessionId, (int) $ttl, $data);
6262

6363
return $result && !$result instanceof ErrorInterface;
6464
}
6565

66-
protected function doDestroy(string $sessio 10000 nId): bool
66+
protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool
6767
{
6868
static $unlink = true;
6969

@@ -93,7 +93,7 @@ public function gc(int $maxlifetime): int|false
9393
return 0;
9494
}
9595

96-
public function updateTimestamp(string $sessionId, string $data): bool
96+
public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool
9797
{
9898
$ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime');
9999

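--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/StrictSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/StrictSessionHandler.php
@@ -47,30 +47,30 @@ public function open(string $savePath, string $sessionName): bool
 return $this->handler->open($savePath, $sessionName);
 }
 
-protected function doRead(string $sessionId): string
+protected function doRead(#[\SensitiveParameter] string $sessionId): string
 {
 return $this->handler->read($sessionId);
 }
 
-public function updateTimestamp(string $sessionId, string $data): bool
+public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 return $this->write($sessionId, $data);
 }
 
-protected function doWrite(string $sessionId, string $data): bool
+protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool
 {
 return $this->handler->write($sessionId, $data);
 }
 
-public function destroy(string $sessionId): bool
+public function destroy(#[\SensitiveParameter] string $sessionId): bool
 {
 $this->doDestroy = true;
 $destroyed = parent::destroy($sessionId);
 
 return $this->doDestroy ? $this->doDestroy($sessionId) : $destroyed;
 }
 
-protected function doDestroy(string $sessionId): bool
+protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool
 {
 $this->doDestroy = false;
 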
